Recent research from Cofense reveals a worrying escalation in phishing attacks, with hackers harvesting user credentials at unprecedented rates.
Observed cyber attacks, particularly those aimed at credential phishing, have spiked alarmingly. The third quarter saw a 45% jump over the second quarter and an 85% surge compared with the same period last year. PDFs rank as the most frequently used vehicle for these malicious phishing emails.
Phishing Tactics Evolve
Hackers continue to refine their strategies. To slip past email spam filters, they now exploit Google AMP, which cloaks phishing links with the veneer of legitimacy by routing them through the trusted 'www.google.com' domain. Additionally, QR codes have become a deceitful tool. They lure victims to seemingly genuine websites that then coax out login credentials.
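As an added illustration of the AMP technique described above (example code written for this article, not Cofense's tooling), the following Python unwraps a Google AMP viewer link to reveal the host a recipient would actually land on, so that a mail filter or analyst can evaluate that host instead of the google.com prefix. The sample links and the example domains are constructed.

```python
from urllib.parse import urlparse, unquote

# Host of the Google AMP viewer named in the article.
AMP_VIEWER_HOSTS = ("google.com",)


def _is_google_host(host: str) -> bool:
    """True for google.com and its subdomains, not for e.g. notgoogle.com."""
    return any(host == h or host.endswith("." + h) for h in AMP_VIEWER_HOSTS)


def unwrap_google_amp(url: str) -> tuple[bool, str]:
    """Return (wrapped, destination).

    Google AMP viewer links have the shape
        https://www.google.com/amp/s/<host>/<path>   original site is https
        https://www.google.com/amp/<host>/<path>     original site is http
    The host after /amp/ is where the user really lands.
    """
    parsed = urlparse(url.strip())
    host = parsed.hostname or ""            # lowercased, port/userinfo removed
    path = unquote(parsed.path)             # AMP links are often percent-encoded
    if not _is_google_host(host) or not path.startswith("/amp/"):
        return False, url
    rest = path[len("/amp/"):]
    scheme = "http"
    if rest.startswith("s/"):               # "/amp/s/" marks an https original
        scheme, rest = "https", rest[2:]
    if not rest:
        return False, url
    inner_host, _, inner_path = rest.partition("/")
    real = f"{scheme}://{inner_host}/{inner_path}"
    return True, real + ("?" + parsed.query if parsed.query else "")


def landing_hosts(urls: list[str]) -> dict[str, str]:
    """Map each AMP-wrapped URL in a message to the host it really leads to."""
    found = {}
    for u in urls:
        wrapped, real = unwrap_google_amp(u)
        if wrapped:
            found[u] = urlparse(real).hostname or ""
    return found


# Constructed sample links as they might appear in a phishing email body.
SAMPLE_LINKS = [
    "https://www.google.com/amp/s/login-portal.example/verify?id=1",
    "https://www.google.com/search?q=invoice",
    "https://notgoogle.com/amp/s/other.example/",
]

if __name__ == "__main__":
    for link, dest in landing_hosts(SAMPLE_LINKS).items():
        print(f"{link} -> really leads to {dest}")
```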
The advent of AI in recent years is set to impact the frequency of phishing attacks. Although AI serves as a tool to counteract phishing efforts, fraudsters also leverage it to refine their strategies. They are employing AI to craft email threads that mimic authentic correspondence so closely that they are often undetectable as fakes. This trend is expected to intensify in the coming years.
Malware Trends: Keyloggers and Stealers
Agent Tesla keylogger and FormBook information stealer lead the malware pack associated with phishing. The preferred infection tactics include exploiting the CVE-2017-11882 vulnerability and using PDF droppers. These droppers trigger malware installation once the recipient opens the document.
While .com domains maintain their status as phishing favourites, .ru domains have climbed in popularity, driven by the success of the Phishing-as-a-Service (PhaaS) tool Caffeine.
The Role of C2 Servers
Despite the challenge of pinpointing fraudster locations due to VPN use, Cofense has identified malicious activities through Command and Control (C2) servers. These servers orchestrate phishing campaigns. The US continues to host the majority of C2 nodes: 71% of phishing operations used American IP addresses. This trend is likely to persist, given the abuse of US-based cloud hosting services by threat actors.
For UK authorities, pinpointing the origins of international phishing campaigns can prove exceedingly difficult, especially given their constrained budgets and expertise. Even with top-notch teams and technology, these attacks are notoriously elusive to trace. Without a serious commitment to addressing phishing, it will likely continue to increase unchecked.
The Need for Increased Awareness
The report describes a threat landscape in which phishing attacks are not only growing but also becoming more sophisticated. Hackers are relentlessly pushing the boundaries, making fraud awareness and education more crucial than ever. Protecting credentials against these phishing onslaughts is imperative. As hackers innovate, so must individuals and organisations in their defensive strategies against these cyber menaces.
Simply clicking on what appears to be a harmless link in an email can lead to disastrous consequences. This single action can unravel a person’s life by allowing malware to infiltrate their computer or exposing their online banking details to fraudsters. Once in control, these criminals can drain bank accounts, redirect payments, and even go as far as to re-mortgage or sell properties under the victim’s name. Vigilance is crucial. Should you have any doubts about the legitimacy of an email, refrain from opening it. Instead, please forward it to: [email protected].